World Academy of Science, Engineering and Technology 52 2009
A Conceptual Framework for the Integration of
IT Infrastructure Management, IT Service
Management and IT Governance
Martin Hans Knahl
Abstract—The definition and use of standardized IT
Management techniques and processes provide the basis for IT
Service Management and IT Governance. With the establishment of
de facto standard “Best Practice” reference and process models such
as the IT Infrastructure Library (ITIL) or Control Objectives for IT
and related Technologies (CobiT), an integrated management
architecture for the provision of IT-Services built upon standardsbased processes and tools becomes feasible. ITIL provides a
structured and widely adopted approach to IT Service Management
and its processes. ITIL can further be aligned with related standards
such as ISO 20000 to manifest IT Service Management practice or
CobiT to support IT Governance. However IT Management processes
must be developed to align with the existing IT infrastructure and
operation and must be modeled around frameworks such as ITIL.
This paper illustrates the key IT Management requirements and
reviews the current state of the art. A case study highlights the
contribution of reference models and management related tools for
organizations and presents an integrated management architecture.
Fig. 1 IT-Service
A number of general key requirements exist that are further
complemented by organization specific needs (Bartolini &
Salle, 2006, Iqbal et. Al, 2007; Schwartz et al 2007, Zhen &
Xin-Yu, 2007):
x Align IT and business strategy;
x Reduce Total Cost of Ownership (TCO) and increase
Return On Investment (ROI);
x Comply with Corporate- and IT-Governance regulation
(e.g. Sarbanes Oxley 404, Euro-SOX);
x Provide required IT services and standardize IT
operations;
x Increase IT Customer satisfaction and productivity.
The paper provides a comprehensive overview of the
requirements for integrated IT management and presents the
adoption of different reference frameworks and techniques
when addressing the key issues for an organization. Section II
outlines IT Management requirements and frameworks. It
isolates the different IT Management areas and identifies the
most relevant corresponding IT Management reference models
(ITIL and CobiT) that provide the context of the research.
Section III analyses the various IT Management Stakeholders
and related research. Section IV discusses the results of a case
study. It presents an integrated management architecture and
provides recommendations for the provision of management
services. Section V gives a conclusion and discusses future
work.
Keywords— IT Management, IT Service Management, ITIL.
I.
INTRODUCTION
“An IT service [according to ITILv3] is a service provided to one or more
customers by an IT service provider. An IT service is based on the use of
IT and supports the customer‘s business processes. An IT service is made
up from a combination of people, processes and technology and should be
defined in a Service Level Agreement.“ (Iqbal et al, 2007)
I
T Services have existed ever since the adoption of IT
Systems. However there has been rather limited progress in
the standardization of processes for the delivery of IT Services
(Chesbrough and Spohrer, 2006;). However, giving the rising
costs of IT and the importance of IT in today’s corporations
the need for IT Alignment (i.e. the alignment or
correspondence between the business goals and the IT
requirements), IT Compliance (e.g. Sarbanes Oxley) or the
management of IT Services becomes evident (Johannsen &
Goeken, 2006; Masak, 2006).
Prof. Dr. Martin Knahl is with the University of Applied Sciences
Furtwangen, Rober-Gerwig-Platz 1, 78120 Furtwangen, Germany (phone:
+49-7723-921-0; fax: +49-7723-920-1109; e-mail: knahl@ hsfurtwangen.de).
II. IT MANAGEMENT REQUIREMENTS & FRAMEWORKS
It is very challenging to fully and precisely establish and
evaluate the business impact of IT services (Masak, 2006).
438
World Academy of Science, Engineering and Technology 52 2009
One explanation can be found in the various layers of the IT
infrastructure (Server, Client, Operating Systems, networks
etc...) that are typically “owned” and managed by different
departments of an organization and that there is a rather
limited view across the entire IT model of an organization.
Fig. 3 IT Management Reference Models (Johannsen & Goeken,
2007)
A number of different frameworks for IT Management have
been proposed and established in industry practice in recent
years (Johannsen & Goeken, 2007). The Information
Technology Infrastructure Library (ITIL) is a set of concepts
and policies for managing information technology (IT)
infrastructure, development and operations. ITIL has originally
been developed by United Kingdom's government's Central
Computer and Telecommunications Agency (CCTA) project
and later by the UK Office of Government Commerce (OGC).
ITIL is published in a series of books, the most recent major
additions are the 5 books that cover the ITL Version 3
lifecycle model that were published in 2007. Each of the books
covers an IT management topic. ITIL provides a description of
a number of important IT ‘Best Practices’ with process
definitions, role descriptions and realisation guidelines that can
be tailored to any IT organization to improve efficiency of the
IT-Service provision. Neither organisations themselves nor an
IT management system can be certified as "ITIL-compliant"
(only individual may seek an ITIL certification). However an
organization that has based the provisioning of IT-Services on
ITIL is able to seek compliance and achieve certification under
the international IT Service Management standard ISO/IEC
20000. Both ISO 20000 and its predecessor BS 15000 build
upon established IT Service Management ‘Best Practice’
contained within the ITIL framework. However it can further
be applied to earlier IT Service Management frameworks
originating in industry such as IBM IT Process Model or
Microsoft Operations Framework (that were themselves
largely based on ITIL) (Häusler et al, 2008) (Microsoft2008).
IT Governance on the other hand is a subset of Corporate
Governance focused on IT Compliance, IT Alignment and IT
Strategy (Johannsen & Goeken, 2007). Control Objectives for
Information and related Technology (CobiT) originates from
the Information Systems Audit and Control Association
(ISACA) and was subsequently adopted by the IT Governance
Institute (ITGI) as a best practices framework for IT
Fig. 2 IT Management Areas
According to ITILv3 “IT Service Management is the
management of all processes that co-operate to ensure the
quality of live IT Services, according to the levels of service
agreed with the customer” (Iqbal et al, 2007). Given the fact
that the introduction of IT Service Management activities can
be regarded as an added overhead to an operational
organization, the costs of modeling IT systems, resources, and
processes must be kept at a minimum. However meaningful
decision support and service improvement will ultimately
optimize IT operations and reduce costs (Johannsen &
Goeken, 2006; Masak, 2006). One approach is to identify the
metrics collected at IT level that impact upon the business
level and base the realization of IT Management processes on
“Best Practise” process models (Bartolini et al, 2006).
The process approach According to Mackenzie is “basically
to employ processes and their frameworks to describe, explain,
predict, and alter behavior” (MacKenzie, 2000: 110). The
parts of a process framework according to MacKenzie are (i)
the set of considerations, (ii) the network defining the linkages
between all pairs of considerations and (ii) the set of outcomes
or consequences of the process. The process based approach
facilitates the understanding and the generation of patterns for
IT Service Management in a dynamic business environment.
439
World Academy of Science, Engineering and Technology 52 2009
Governance. CobiT provides corporate managers, external
auditors and IT users with a set of relevant processes,
measures and indicators to facilitate the adoption of
appropriate IT governance and control in an organisation (e.g.
when seeking compliance with Sarbanes Oxley or Euro SOX
related IT Compliance requirements).
ITIL primarily addresses IT efficiency that relates to the
effective operation of IT (e.g. measured by a comparison of
production with cost as in time and money). On the other hand,
CobiT is primarily addressing effecivity and strategy of IT in
the context of an organization. Effectivity relates to producing
a decided, decisive, or desired effect. Strategy relates to the
strategic planning and adaptation (e.g. of structure or
behavior) that serves the core function of IT to contribute to
desired business outcomes.
TABLE 1
TRADITIONAL IT VERSUS MODERN IT
Fig. 4 Functional, Communication and Information Model
Traditional IT
Modern IT (ITSM Processes)
Technology focused
matures to Process focused
„Fire-Fighting“
matures to Preventive
Reactive
matures to Proactive
User
matures to Customer
Centralised or Distributed Ad matures to Centralised / Outsourced Support
Hoc In-House Support
Isolated IT Siloes
matures to Holistic IT Architecture
Ad Hoc Processes
matures to Repeatable, Measurable
Unstructured Processes
matures to Formal Best-Practise Processes
IT Perspective
matures to Business Perspective
Functional Orientation
matures to Business Orientation
IT Goals
matures to Business Goals
Current research and developments aim to further provide
guidance on how Management Systems can be planned and
developed within their architectural frameworks and how to
integrate
different Functional, Communication and
Information models (Pras, 2007). A novel management system
should further combine this with an appropriate planning and
operation strategy for the provision of IT Services and ITAlignment (Masak, 2006). However the heterogeneity of
today’s communication infrastructures and services in which
Management must be performed means that a common and
accepted architecture for the provision of Integrated Network
and System Management is currently not available (Lewis,
2003; Pavlou, 2007).
The integration of Network and System Management and
of the various management technologies and applications is an
issue that has not been resolved satisfactorily (Lewis, 2003;
Pavlou, 2007, Pras, 2007). The integration of management
services is becoming increasingly critical because of new
services and resources in networked systems and because of
the diversity of management architectures. One challenge is at
which level integration should take place (e.g. at the
management tool level), what should be integrated (e.g. user
interface, events or data) and what the integration interface
should look like. Integration is an extremely important issue.
Until now, only partial solutions based on the Management
Platform approach such as HP OpenView have been available.
The Management Platform acts as a management middleware
between the networked resources and services and the
specialised management applications. The lack of integration
of management services for existing IT infrastructures results
in higher costs and personnel requirements. It is not only a
system or technology oriented problem but also an
organisational problem.
The main idea behind Integrated Network and System
Management (INSM), that forms the basis for IT Service
Management and IT Governance, is to provide management
services that cover the different layers of the service model for
networked IT architectures. Although INSM development and
operation has received considerable attention in research and
industry, it is an area that is currently not well addressed by
standards, implementations and design guidelines (Lewis,
2003; Pras, 2007). However it has received increased attention
over the last few years, partly caused by the arising
management challenges and the funding opportunities from
new research led initiatives (e.g. the FP7 programme in
Europe). In the area of Network Management, the IETF
management related standards (e.g. SNMPv1-SNMPv3,
NETCONF) focus primarily on TCP/IP related management
provision, the TMN family of standards focusing primarily on
telecommunications networks (Pavlou, 2007). System
management is commonly encountered on an application
specific basis given that related methodologies and approaches
for the management of distributed services are still at the
development stage (e.g. license and performance monitoring).
440
World Academy of Science, Engineering and Technology 52 2009
III. IT MANAGEMENT STAKEHOLDER AND RELATED
RESEARCH
successful applications of a technology or concepts, but there
are typically more failures).
TABLE II
ITSM / INCIDENT MANAGEMENT IN HIGHER EDUCATION (SEE ALSO (WILD,
2008) AND (HANNEMACHER, 2008))
Eidgenössische
Technische
Hochschule Zürich
(Switzerland)
General
Number Staff /Students 8.000 / 12.000
Number Calls/Year(2005) 18.000
First Level
Opening Times
Fig. 5 IT Management Stakeholder
The area of ITSM and ITIL have received significant
attention in industry and academia in recent years. However
little scholarly work exists on this topic. Chesbrough and
Spohrer (2006) indicate that “…in services there is no
academic community of scholars that shares a common
mission to understand the roots of this arena of economic
activity, or how to advance it. Granted, services subfields are
emerging in separate, siloed academic areas such as
management, engineering, and computer science schools, but
precious few attempts to integrate them have been
undertaken… Through developing common terminology and
methods that increase our insight into the services domain, we
can reconnect universities to the dominant economic activities
of the larger society that supports them.” Reasons for this are
the relative newness of widespread interest in areas such as IT
Service Management (even though ITIL and other Best
Practice Frameworks have been around for the last 2 decades)
or the perceived focus on industrial, productive IT operations
of existing technologies rather than the development of new
technologies.
Another interesting area of research is the requirements
specific adoption and configuration of IT Service Management
and IT Governance Models. Goeken and Alter (2008) refer to
this strategy as “situational method engineering” to provide
methodological support for model adoption and configuration
as models such as CobiT or ITIL are rarely implemented in
their entirety.
According to the Gartner Hype Cycles for Higher Education
for the years 2006-2008, CobiT has remained in the first phase
of the Hype Cycle (i.e. the "technology trigger" or
breakthrough, the product launch or other event that generates
significant press and interest). On the other hand ITIL
remained at the "Peak of Inflated Expectations" (i.e. the next
phase, when a frenzy of publicity typically generates overenthusiasm and unrealistic expectations; there may be some
8-18 (Mo-Fr)
Freie Universität
Berlin (Germany)
Katholieke
Universiteit Leuven
(Belgium)
Universität Basel
(Switzerland)
? / 35.000
Unknown
8.100 / 30.000
10.000
5.000 / 9.750
Unknown
9-18 (Mo-Sa)
9-11:30/14-16:30 (MoFr)
No
Telephone, E-Mail
Single Point of Contact
Support Channels
No
Telephone, E-Mail,
Counter
8-20 (Mo-Fr)
8-14 (Sa)
No
Telephone, E-Mail,
Berater bei PC-Pools
Stundents as Help Desk
Staff
2nd/3rd-Level
Direct Access to 2nd/3rdLevel
Organisation
Fixer Incident owner
Adoption Ticket-System
Discontinued
Yes
No (planned)
Telephone, E-Mail,
Counter, IT Support
"Consultants", …
Yes
Yes (gewünscht)
Yes
Yes
Yes
No
Entire central IT
Helpdesk
Part of central IT
No
Part of central IT
No
No Ticket System
No HD
Qualitätsmanagment / Kundenzufriedeneit
Formalised QM Process Yes
No
No
No
Review / Analysis Tickets Initial
Initial
Initial
Kein TS
Monitoring of Suppport- No
Availability
Tools
Ticket-System
Yes (ITIL Certified)
No
No
No
Yes (multiple TicketRequest Tracker)
Yes
No
Yes (OTRS)
No
Yes
No
Unknown
No
Solution Database
Configuration Mgmt DB
Yes
No
Wild (2008), Wan (2008) and Hannemacher (2008) further
point out that IT Management (e.g. based on ITIL) is gaining
momentum not only in industry but also in Higher Education
and can improve the delivery, planning and control of IT
services. However they further suggest, that the implicit
complexity (e.g. regarding organisational change) remains a
key issue that must be addressed in ongoing implementations
and that key processes and functions (e.g. Incident
Management or Service Desk) are the primary focus (see also
Table ).
IV. INTEGRATED MANAGEMENT CASE STUDY
The case study at the University of Applied Sciences
Furtwangen further illustrates the adaptation of „Best Practice“
Frameworks and illustrates the challenges and opportunities
for holistic IT Management.
441
Governance related activities (e.g. IT Alignment). This is
particularly crucial to clarify and structure the planning,
introduction and delivery of IT Services in a distributed and
historically grown IT organization (e.g. centralized IT Services
versus Faculty based IT Services). Hence the introduction and
usage of IT Service Management with Service Level
Agreements (SLAs) and Key Performance Indicators (KPIs) is
crucial for achieving success in IT Service support and
delivery.
Following an analysis of the current situation with the key
stakeholders, the following ITILv3 processes and functions
were identified for the 1st phase of the ITSM rollout (see also
Fig. 8):
x Service Strategy: Service Portfolio Management;
x Service Design: Service Catalogue Management,
Service
Level
Management,
Availability
Management, Security Management;
x Service Transition: Configuration Management;
x Service Operation: Incident Management, Service
Desk, Problem Management.
,76HUYLFH0DQDJHPHQW
6\VWHP0DQDJHPHQW
1HWZRUN0DQDJHPHQW
6HUYLFH'HVN+HOS 'HVN
World Academy of Science, Engineering and Technology 52 2009
0DQDJHPHQW3ODWIRUP
0DQDJHG2EMHFWV1HWZRUNV,76HUYLFHV
Fig. 6 Integration of Management Tools & Processes
A number of tools and processes are currently in place for
Integrated Facility, Network and System Management. To
facilitate the provision of structured and repeatable processes,
the various tools can be integrated (e.g. based on HP BTO
Service Management and Network Management Product
Centers as illustrated in Fig. 7). The core IT operational
processes can the be modeled and implemented by this
architecture based on ITILv3 recommendation.
Fig. 8 ITILv3 Processes for Campus Solution
Among those processes, the Service Desk has been
identified as a key function. The Service Desk plays a central
role in the realization of integrated IT Management as defined
by ITIL. The Service Desk provides a Single Point of Contact
(SPOC) for the interaction with users of IT services to satisfy
both customer (i.e. the entity paying for the usage of IT
services) the and IT provider (i.e. the entity providing the IT
Services) objectives. Furthermore the Incident Management
process has been identified as the crucial ITIL process to
facilitate communication between the IT user and the IT
provider that is represented through the Help Desk.
Fig. 7 Management Layers
The introduction of standardised IT process activities based
on ITIL is seen as the fundamental underlying activity for the
provision of IT Services and provides the basis for IT
442
World Academy of Science, Engineering and Technology 52 2009
However, “Best Practice” Reference Models such as ITIL or
CobiT require careful analysis and adaptation when used in a
real-world context.
Based on the IT Management theory and the realities of
organizations, this paper proposed an integrated management
architecture. Further management tool adoption and
integration together with the introduction of related, “BestPractice” processes will further support IT Management to
facilitate IT Service Management and IT Governance.
Future work will further consider additions to the proposed
IT Management model and recommendations that reflect the
IT evolution to accommodate additional recommendations,
processes and tools provided by industry and research.
REFERENCES
[1]
Fig. 9 ITIL conform Service Desk
Although ITIL contains basic process and role description
for the ITSM processes such as Incident Management, it must
be adapted to the concrete IT organization. Thus the
theoretical framework must be adapted to the organizational
complexity and the different stakeholders as illustrated in Fig.
10.
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
Fig. 10 ITIL conform Support Hierarchy
[13]
The investigation further highlights the need to align the IT
Infrastructure and Service Management with IT Governance.
CobiT provides a widely used framework for IT Governance
and defines the IT Control Objectives. These objectives (e.g.
Control Objectives for Availability and Capacity Management)
can then be mapped to ITIL processes to define a standardized
and structured realization of core governance activities.
[14]
[15]
V. CONCLUSION
The growing complexity and dependency on IT together
with growing pressures on IT budgets dictate the use of
industry and research best practices to support internal and
external IT Service providers to manage their IT as a business.
443
Bartolini, C.; Salle, M.; Trastour, D.; IT service management driven by
business objectives: An application to incident management. 10th
IEEE/IFIP Network Operations and Management Symposium, 2006.
NOMS 2006. 3-7 April 2006 Page(s):45 – 55.
Chesbrough, H. and Spohrer, J. “A research manifesto for services
science,” Communications of the ACM (49:7), July 2006, pp. 35-40.
Häusler, Oliver ; Schwickert, Axel C. ; Ebersberger, Sascha. IT-ServiceManagement : Referenzmodelle im Vergleich. Justus-Liebig-Universität
Giessen: Arbeitspapiere Wirtschaftsinformatik ; 06 / 2005.
Majid Iqbal, Michael Nieves, Sharon Taylor: Service Strategy; TSO
(The Stationery Office) 2007; Published for the Office of Government
Commerce (OGC)
Wolfgang Johannsen, Matthias Goeken (2007). Referenzmodelle für ITGovernance. dpunkt.verlag GmbH, Heidelberg.
Lewis, D. et al, 2003. Towards the Technology Neutral Modelling of
Management Components. In Journal of Network and Systems
Management, Vol. 11, No. 1.
Mackenzie, K., “Processes and Their Frameworks,” Management
Science (46:1), January 2000, pp. 110-125.
Masak, D. , 2006. IT-Alignment. Springer Verlag.
Microsoft Corporation (Hg.) (2008): “Microsoft Operations Framework
4.0. MOF Overview“. Microsoft TechNet. 25 April 2008. Online under
http://technet.microsoft.com/en-us/library/cc506049.aspx (20 January
2008).
Pavlou, George. On the Evolution of Management Approaches,
Frameworks and Protocols: A Historical Perspective, Journal of
Network and Systems Management, Volume 15, Number 4 / December,
2007, Pages 425-445
Pras, A.; Schonwalder, J.; Burgess, M.; Festor, O.; Perez, G.M.; Stadler,
R.; Stiller, B., "Key research challenges in network management,"
Communications Magazine, IEEE , vol.45, no.10, pp.104-110, October
2007.
Shwartz, L.; Ayachitula, N.; Buco, M.; Surendra, M.; Ward, C.;
Weinberger, S., "Service Provider Considerations for IT Service
Management," Integrated Network Management, 2007. IM '07. 10th
IFIP/IEEE International Symposium on , vol., no., pp.757-760, May 21
2007
Wan, S.H.C.; Yuk-Hee Chan, "IT Service Management for Campus
Environment-Practical Concerns in Implementation," 10th IFIP/IEEE
International Symposium on Integrated Network Management, 2007.
IM '07, May 21 2007: pp.709-712.
Wang Zhen; Zhang Xin-yu; An ITIL-based IT Service Management
Model for Chinese Universities. 5th ACIS International Conference on
Software Engineering Research, Management & Applications, 2007
(SERA 2007). 20-22 Aug. 2007 Page(s):493 – 497
Goeken, Matthias , Alter, Stefanie (2008). Proceedings of the 10th
International Conference on Enterprise Information Systems, ICEIS
2008, 12 - 16, June 2008, Barcelona, Spain.